
AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims 
in the application: 

Listing of Claims: 

1 1 . (Currently amended) A method for sharing a security context between 

2 different sessions on a database server, comprising: 

3 receivings request at the database server through a database session 

4 between the database server and an application on a database client; 

5 looking up an identifier for an application client that identifies a client of 

6 the application, the \dentifier having been previously associated with the database 

7 session; 

8 using the identifier to look up the security context for the application client 

9 within a storage area associated with the database server; 

10 wherein the security context includes attributes related to the application 

1 1 client;-and 

12 receiving the security context for the application client from the database 

13 client; 

14 inserting the securitA context into the storage area associated with the 

15 database server so that the security context can be indexed by the identifier for the 

16 application client; 

1 7 performing a database Operation to satisfy the request; 

1 8 wherein performing the database operation involves enforcing access 

1 9 rights associated with the security context : and 

20 allowing the application cment to use the same security context through a 

21 second application and a second database session by: 
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receiving a second request at the database server through 
the second database session with the second application, 

looking! up the identifier for the application client, the 



identifier havin 


I been previously associated with the second 


database sessioi 
using th( 


l and 

: identifier to look up the security context for the 


application clier 


t within the storage area associated with the 



database server. 



JAN 2 1 2004 

2. (Original) The methodlof claim 1, wherein the request includes a "|"^Q^f\oiOQy CSOtSf 210^ 
database query directed to a database on the database server. 



1 3. (Original) The method of claim 2, wherein performing the database 

2 operation involves modifying the database query to enforce access rights 

3 associated with the security context. 

1 4. (Original) The method of claim 1, wherein the identifier for the 

2 application client identifies a user qf the application that is sending the request to 

3 the database server. 

1 5. (Original) The method of claim 1 , 

2 wherein the database client i^an application server that is sending the 

3 request to the database server; and 

4 wherein the identifier for the Application client identifies an application 

5 session between the application on th^j application server and the client of the 

6 application. 

1 6. (Original) The method of claim 5, further comprising: 
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2 receiving a request from the application to change the application session 

3 associated with the database session; and 

4 changing the application session associated with the database session. 

1 7. (Original) The method of claim 5, further comprising facilitating 

2 connection pooling byperiodically changing the application session associated 

3 with the database session in order to channel requests associated with multiple 

4 application sessions through the database session. 

1 8-9. (Canceled). 

1 10. (Currently amended) A computer-readable storage medium storing 

2 instructions that when executed by a computer cause the computer to perform a 

3 method for sharing a securiw context between different sessions on a database 

4 server, the method comprising: 

5 receiving a request an the database server through a database session 

6 between the database server and an application on a database client; 

7 looking up an identifier for an application client that identifies a client of 

8 the application, the identifier paving been previously associated with the database 

9 session; 

1 0 using the identifier to ldok up the security context for the application client 

1 1 within a storage area associated\with the database server; 

12 wherein the security context includes attributes related to the application 

1 3 client;^aftd 

14 receiving the security context for the application client from the database 

15 client; 
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16 inserting! the security context into the storage area associated with the 

17 database server so that the security context can be indexed by the identifier for the 

18 application client; 

1 9 performing a database operation to satisfy the request; 

20 wherein performing the database operation involves enforcing access . 

2 1 rights associated With the security context ; and 

22 allowing tne application client to use the same security context through a 

23 second application and a second database session by: 

24 \ receiving a second request at the database server through 

25 the second database session with the second application, 

26 \ looking up the identifier for the application client, the 

27 identifier having been previously associated with the second 

28 database session, and 

29 \ using the identifier to look up the security context for the 

30 application client within the storage area associated with the 

31 database server . 

1 11. (Original) Tire computer-readable storage medium of claim 10, 

2 wherein the request inclupes a database query directed to a database on the 

3 database server. 

1 12. (Original) The computer-readable storage medium of claim 11, 

2 wherein performing the database operation involves modifying the database query 

3 to enforce access rights associated with the security context. 

1 13. (Original) The computer-readable storage medium of claim 10, 

2 wherein the identifier for the application client identifies a user of the application 

3 that is sending the request to the database server. 
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1 14. (Original) The computer-readable storage medium of claim 10, 

2 wherein Ithe database client is an application server that is sending the 

3 request to the database server; and 

4 wherein the identifier for the application client identifies an application 

5 session between pie application on the application server and the client of the 

6 application. 

1 15. (Original) The computer-readable storage medium of claim 14, 

2 wherein the method further comprises: 

3 receiving a nequest from the application to change the application session 

4 associated with the database session; and 

5 changing the application session associated with the database session. 
* i 

1 16. (Original) iThe computer-readable storage medium of claim 14, 

2 wherein the method further comprises facilitating connection pooling by 

3 periodically changing the application session associated with the database session 

4 in order to channel requests associated with multiple application sessions through 

5 the database session. 

1 17-18. (Canceled} 

1 19. (Currently amended) An apparatus that facilitates sharing a security 

2 context between different sessions on a database server, comprising: 

3 a receiving mechanism that is configured to receive a request at the 

4 database server through a database session between the database server and an 

5 application on a database client; 

6 wherein the receivinglmechanism is further configured to receive the 

7 security context for the application client from the database client; 
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wherein the receiving mechanism is further configured to receive a second 
request at the database server through a second database session between the 
database server and a second application; 

a lookup mechanism that is configured to look up an identifier for an 
application client that identifies a client of the application, the identifier having 
been previously associated with the database session; 

wherein the lookup mechanism is configured to use the identifier to look 
up the security contekt for the application client within a storage area associated 
with the database senver; 

wherein the lookup mechanism is further configured to look up the 
identifier for the application client, the identifier having been previously 



associated with the s< 



wherein the lookup mechanism is further configured to use the identifier to 



look up the security cc 



associated with the database server; 



ond database session; 



ntext for the application client within the storage area 



wherein the secbrity context includes attributes related to the application 
client;-and \ 

a security context initialization mechanism that is configured to insert the 
security context into theWorage area associated with the database server so that 
the security context can be indexed by the identifier for the application client; and 

a database engine \hat is configured to perform a database operation to 
satisfy the request; . 

wherein performing the database operation involves enforcing access 
rights associated with the security context. 



1 20. (Original) The apparatus of claim 19, wherein the request includes a 

2 database query directed to a database on the database server. 
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21. (Original) The apparatus of claim 19, wherein the database engine is 
configured to perform the database operation by modifying the database query to 
enforce access rights associated with the security context. 



22. (Orig: 
application cliem 
the database servsr 



nal) The apparatus of claim 19, wherein the identifier for the 
identifies a user of the application that is sending the request to 



23. (Origi lal) The apparatus of claim 19, 

wherein the database client is an application server that is sending the 
request to the database server; and 

wherein th ; identifier for the application client identifies an application 
session between tbje application on the application server and the client of the 
application. 

24. (Original) The apparatus of claim 23, wherein the receiving 
mechanism is additionally configured to receive a request from the application to 
change the application session associated with the database session; and 

further comprising a changing mechanism that is configured to change the 
application session essociated with the database session in response to the request. 



25, 



(Original) 



mechanism is further 



The apparatus of claim 24, wherein the changing 



configured to facilitate connection pooling by periodically 
changing the application session associated with the database session in order to 
channel requests associated with multiple application sessions through the 
database session. 

26-27. (Canceled). 
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